66 research outputs found

    Monitoring Service Chains in the Cloud

    Service chaining in the cloud is a new trend that network operators are moving towards. Service chaining in the cloud is the process of virtualizing various services in the cloud instances and linking them together in order to create a chain of services. Aside from the benefits that it provides for the subscribers and network operators, it needs further considerations to be fully applied and utilized. Since service availability is a key concern for network providers and operators, the availability of the service chain requires careful attention. The goal of this thesis work is to investigate how to monitor service functions that form the service chain in the cloud. By monitoring the service functions we aim to inspect the running services and report occurrences of abnormality (i.e. heavy workload) to our main monitoring platform, in order to trigger corresponding operations. We believe that by monitoring the services we can increase their availability with low overhead. Our main contribution in this work is to build a platform that can control and monitor the services in the cloud in order to enhance their availability.

    A Distributed Architecture for the Monitoring of Clouds and CDNs: Applications to Amazon AWS

    Clouds and CDNs are systems that tend to separate the content being requested by users from the physical servers capable of serving it. From the network point of view, monitoring and optimizing performance for the traffic they generate are challenging tasks, given that the same resource can be located in multiple places, which can, in turn, change at any time. The first step in understanding cloud and CDN systems is thus the engineering of a monitoring platform. In this paper, we propose a novel solution that combines passive and active measurements and whose workflow has been tailored to specifically characterize the traffic generated by cloud and CDN infrastructures. We validate our platform by performing a longitudinal characterization of the very well known cloud and CDN infrastructure provider Amazon Web Services (AWS). By observing the traffic generated by more than 50 000 Internet users of an Italian Internet Service Provider, we explore the EC2, S3, and CloudFront AWS services, unveiling their infrastructure, the pervasiveness of web services they host, and their traffic allocation policies as seen from our vantage points. Most importantly, we observe their evolution over a two-year-long period. The solution provided in this paper can be of interest for the following: 1) developers aiming at building measurement tools for cloud infrastructure providers; 2) developers interested in failure and anomaly detection systems; and 3) third-party service-level agreement certificators who can design systems to independently monitor performance. Finally, we believe that the results about AWS presented in this paper are interes

    A Study of Very Short Intermittent DDoS Attacks on the Performance of Web Services in Clouds

    Distributed Denial-of-Service (DDoS) attacks for web applications such as e-commerce are increasing in size, scale, and frequency. The emerging elastic cloud computing cannot defend against ever-evolving new types of DDoS attacks, since they exploit various newly discovered network or system vulnerabilities even in the cloud platform, bypassing not only the state-of-the-art defense mechanisms but also the elasticity mechanisms of cloud computing. In this dissertation, we focus on a new type of low-volume DDoS attack, Very Short Intermittent DDoS Attacks, which can hurt the performance of web applications deployed in the cloud via transiently saturating the critical bottleneck resource of the target systems by means of external attack HTTP requests outside the cloud or internal resource contention inside the cloud. We have explored external attacks by modeling the n-tier web applications with queuing network theory and implementing the attacking framework based on feedback control theory. We have explored internal attacks by investigating and exploiting resource contention and performance interference to locate a target VM (virtual machine) and degrade its performance.

    Cost and Latency Optimized Edge Computing Platform

    Latency-critical applications, e.g., automated and assisted driving services, can now be deployed in fog or edge computing environments, offloading energy-consuming tasks from end devices. Besides the proximity, though, the edge computing platform must provide the necessary operation techniques in order to avoid added delays by all means. In this paper, we propose an integrated edge platform that comprises orchestration methods with such objectives, in terms of handling the deployment of both functions and data. We show how the integration of the function orchestration solution with the adaptive data placement of a distributed key–value store can lead to decreased end-to-end latency even when the mobility of end devices creates a dynamic set of requirements. Along with the necessary monitoring features, the proposed edge platform is capable of serving the nomad users of novel applications with low latency requirements. We showcase this capability in several scenarios, in which we articulate the end-to-end latency performance of our platform by comparing delay measurements with the benchmark of a Redis-based setup lacking the adaptive nature of data orchestration. Our results prove that the stringent delay requisites necessitate the close integration that we present in this paper: functions and data must be orchestrated in sync in order to fully exploit the potential that the proximity of edge resources enables

    QoE based Management and Control for Large-scale VoD System in the Cloud

    The Cloud infrastructure has become an ideal platform for large-scale applications, such as Video-on-Demand (VoD). As VoD systems migrate to the Cloud, new challenges emerge. The complexity of the Cloud system due to virtualization and resource sharing complicates the Quality of Experience (QoE) management. Operational failures in the Cloud can lead to session crashes. In addition to the Cloud, there are many other systems involved in the large-scale video streaming. These systems include the Content Delivery Networks (CDNs), multiple transit networks, access networks, and user devices. Anomalies in any of these systems can affect users’ Quality of Experience (QoE). Identifying the anomalous system that causes QoE degradation is challenging for VoD providers due to their limited visibility over these systems. We propose to apply end user QoE in the management and control of large-scale VoD systems in the Cloud. We present QoE-based management and control systems and validate them in production Clouds. QMan, a QoE based Management system for VoD in the Cloud, controls the server selection adaptively based on user QoE. QWatch, a scalable monitoring system, detects and locates anomalies based on the end-user QoE. QRank, a scalable anomaly identification system, identifies the anomalous systems causing QoE anomalies. The proposed systems are developed and evaluated in production Clouds (Microsoft Azure, Google Cloud and Amazon Web Service). QMan provides 30% more users with QoE above the “good” Mean Opinion Score (MOS) than existing server selection systems. QMan discovers operational failures by QoE based server monitoring and prevents streaming session crashes. QWatch effectively detects and locates QoE anomalies in our extensive experiments in production Clouds. We find numerous false positives and false negatives when system metric based anomaly detection methods are used. QRank identifies anomalous systems causing 99.98% of all QoE anomalies among transit networks, access networks and user devices. Our extensive experiments in production Clouds show that transit networks are the most common bottleneck causing QoE anomalies. Cloud providers should identify bottleneck transit networks and determine appropriate peering with Internet Service Providers (ISPs) to bypass these bottlenecks.

    On the placement of security-related Virtualised Network Functions over data center networks

    Middleboxes are typically hardware-accelerated appliances such as firewalls, proxies, WAN optimizers, and NATs that play an important role in service provisioning over today's data centers. Reports show that the number of middleboxes is on par with the number of routers, and consequently represent a significant commitment from an operator's capital and operational expenditure budgets. Over the past few years, software middleboxes known as Virtual Network Functions (VNFs) are replacing the hardware appliances to reduce cost, improve the flexibility of deployment, and allow for extending network functionality in short timescales. This dissertation aims at identifying the unique characteristics of security modules implementation as VNFs in virtualised environments. We focus on the placement of the security VNFs to minimise resource usage without violating the security imposed constraints as a challenge faced by operators today who want to increase the usable capacity of their infrastructures. The work presented here focuses on the multi-tenant environment where customised security services are provided to tenants. The services are implemented as a software module deployed as a VNF collocated with network switches to reduce overhead. Furthermore, the thesis presents a formalisation for the resource-aware placement of security VNFs and provides a constraint programming solution along with examining heuristic, meta-heuristic and near-optimal/subset-sum solutions to solve larger size problems in reduced time. The results of this work identify the unique and vital constraints of the placement of security functions. They demonstrate that the granularity of the traffic required by the security functions imposes traffic constraints that increase the resource overhead of the deployment. The work identifies the north-south traffic in data centers as the traffic designed for processing for security functions rather than east-west traffic. It asserts that the non-sharing strategy of security modules will reduce the complexity in case of the multi-tenant environment. Furthermore, the work adopts on-path deployment of security VNF traffic strategy, which is shown to reduce resource overhead compared to previous approaches.

    Open Source Solutions for Building IaaS Clouds

    Cloud Computing is not only a pool of resources and services offered through the internet, but also a technology solution that allows optimization of resource use, cost minimization and energy consumption reduction. Enterprises moving towards cloud technologies have to choose between public cloud services, such as Amazon Web Services, Microsoft Cloud and Google Cloud services, or private self-built clouds. While the former are offered with affordable fees, the latter provide more privacy and control. In this context, many open source software packages approach the building of private, public or hybrid clouds depending on the users' needs and on the available capabilities. To choose among the different open source solutions, an analysis is necessary in order to select the most suitable according to the enterprise’s goals and requirements. In this paper, we present an in-depth study and comparison of five open source frameworks that are gaining more attention recently and growing fast: CloudStack, OpenStack, Eucalyptus, OpenNebula and Nimbus. We present their architectures and discuss different properties, features, useful information and our own insights on these frameworks.